JERRY WOLKOFF BLOG-IN LOVING MEMORY OF MY SON STEVEN NATHANIEL WOLKOFF, MY FATHER SAMUEL WOLKOFF, AND ALL THE OTHER VICTIMS OF INJUSTICE, EVIL IN THIS WORLD.THEY DIMINISH YOUR RIGHTS,THEN THEY DIMINISH YOUR EXISTENCE, THEN THEY LIE ABOUT IT, SAY YOU NEVER EXISTED, AND THE PROBLEM IS PEOPLE FORGET THE SUFFERING THAT LASTS FOREVER, NEVER KNOW THE TRUTH BY WHOSE HANDS, OR HOW YOU WERE KILLED.

Tuesday, April 8, 2014

Once again, a major story has been revealed today about a seriously weakness in Internet web security that affects at least 66 per cent of all Internet web sites.Amazingly, this flaw has existed for over two years without any of the web sites affected even being aware of the problem.Instead, this security error has been discovered by an independent group of technology researchers.

So much for the illusion that anyone has left that their personal information is protected from identity thieves and we are all victims or potentially vulnerable to this huge problem.

The real problem is that the web site providers, almost all of them Corporations, are simply too lazy, too cheap, to spend the money necessary in providing stronger security internally on their sites to protect us.

What's a person to do?

Nothing is the answer, since technology is everywhere, and there is no way to avoid your information being stored on a server maintained by these websites.

Even if you never used the Internet, your information is entered through store purchases and "mined" by Company's that sell your marketing information, profile, and most of who you are to other Company's that then enter it all into their web server data base.

Technology cannot continue on its current course of slipshod, weak and indifferent policies of not protecting the public in a better manner.

"Heartbleed" Hits Up To 66 Percent Of the InternetThe Heartbleed bug has affected the back end of a full two thirds of the Internet.

As much as 66 percent of the Web may have been compromised by a newly revealed security flaw called Heartbleed.

Named by the researchers who discovered it, Heartbleed is a bug that
affects an important Internet security protocol called SSL.
Specifically, it affects one particular implementation of SSL called
OpenSSL.

For context (and to understand how bad Heartbleed is),
here's how SSL and OpenSSL work: Every time you log into a website, your
login credentials are sent to that web site's server. But in most cases
those credentials aren't simply sent to the server in plain text,
they're encrypted using a protocol called Secure Sockets Layer, or SSL.

As
with most protocols, different software makers have created different
implementations of SSL. One of the most popular is an open-source
implementation called OpenSSL, used by an estimated two thirds of
currently active websites.

Heartbleed is a bug in OpenSSL.
Hackers can exploit Heartbleed to get raw text from emails, instant
messages, passwords, even business documents -- anything a user sends to
a vulnerable site's server.

And the scariest part?

The
Heartbleed security flaw existed for nearly two years before it was
discovered by legitimate researchers. That's plenty of time for
black-hat hackers to have discovered and exploited the bug.

Matthew Prince, CEO of content delivery network
Cloudflare, one of the first businesses to be notified of the bug, told
The Huffington Post that sadly, there's not much normal netizens can do
to protect themselves. "When you finish using a website, make sure to
actively log out," Prince advised that makes it less likely that a
hacker exploiting Heartbleed will be able to take your personal
information.

Prince also put in a word of comfort: "Heartbleed is
so serious, it's such a big, bad event, that almost every major
service is scrambling to clean it up as quickly as possible." He
estimated that most currently vulnerable websites will be "patched" by
the end of the week.

Though a number of major websites have
already been patched, others, including OKCupid, Flickr, Imagur and
Yahoo.com, reportedly remain vulnerable to Heartbleed.

Vulnerable sites should not be
logged into until they're patched check those sites' blogs or Twitter
feeds for updates and once a website has its patch in place, you
should change your password for that site as soon as possible.

What makes these problems so frightening is that no-one appears to be awake in these IT departments of the worlds Company's to even catch a major security flaw such as heartbleed.

If the private researchers hadn't discovered this bug on their own, no-one would even know that it exists.

To be honest, there has to be hundreds of security flaws in the various technologies that exist.

Soon there will be another one discovered and everyone will rush to "patch it".Patches are just what the word means, they are temporary ways of closing a loophole in software.

The only way to fix these problems is for Corporations to invest the resources and time to take this seriously.Perhaps they should hire those that steal by exploiting these bugs, to redesign their web sites.Don't hold your breath about this ever happening,as it's not "cost effective" to protect your privacy in the Corporate culture of this world.

Search This Blog

Translate

About Me

By accessing this Blog, a web browser (hereafter user) consents that she/he is familiar with, understands and absolutely accepts the following blog disclaimer:
This is a personal blog. The views and opinions expressed on this Blog are my own, not those of any one else.
While I try and make this blog as accurate to my life as possible some things are deliberately left out or censored by me, and as such my postings are not to be considered in any way a viable method for judging my character, or for any other purposes, doing so will be considered an infringement of my rights. Where possible any infringement of my rights will be pursued using applicable points of law.
All trademarks, service marks, collective marks, design rights, personality rights, copyrights, registered names, mottos, logos, avatars, insignias and marks used or cited by this Blog are the property of their respective owners and this Blog in no way accepts any responsibility for an infringement on anyone of the above.